Re: [whatwg] Cross-Origin Cookies Sharing Proposal from Huan Du on 2013-06-24 (public-whatwg-archive@w3.org from June 2013)

From: Huan Du <dh20156@gmail.com>
Date: Mon, 24 Jun 2013 18:06:38 +0800
To: Mountie Lee <mountie@paygate.net>
Cc: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>, whatwg@whatwg.org, ???? <yiorsi@gmail.com>, ??? <csf178@gmail.com>, Kang-Hao Lu <kennyluck@w3.org>
Message-ID: <CAMBN-K5DMOQ5OYVq_hZ=ozjHCXu9gF3YE0nU=MNyQw+zDK6tjg@mail.gmail.com>

Hi Mountie,

I think they are different experiences. we want a smooth solution.

Regards,
Charlie


2013/6/24 Mountie Lee <mountie@paygate.net>

> for SSO,
> did you tried SAML or OAuth?
>
>
> On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote:
>
>> Nils,
>>
>> Thanks for your feedback.
>>
>> There are 3 web sites in Alibaba at least: taobao.com, tmall.com,
>> etao.com. all of them are using a same account management system
>> including Sign up, Sign in.
>>
>> The requirement is simple for the account management system. when  user A
>> signed in taobao.com, we expect A is signed in tmall.com and etao.com.
>>
>> Regards,
>> Charlie
>>
>>
>> 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
>>
>>> Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:
>>>
>>> > As privacy awareness becomes prevelant, the trend is that future
>>> > browsers are going to ban third-party Cookies by default.
>>> >
>>> > This is a good thing for users, but for giant internet companies,
>>> > this has no doubt increases the difficult and complexity of
>>> > implementing user session synchronization.
>>>
>>> I have a suspicion that the only thing that cannot be done easily
>>> without cookies is tracking – that is, pretending that a user has an
>>> account, but ensuring that she has not made that choice consciously.
>>>
>>> Everything else, so it seems to me, can be done RESTful. Am I wrong?
>>>
>>> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
>>> > indicate which domains it would like to share Cookies with?
>>> >
>>> > The user account management system of Alibaba  have encountered this
>>> > issues and been troubled by this issue. It there's a proposal like
>>> > this, it would be very nice.
>>>
>>> Can you elaborate? Why would an account management system need sessions?
>>>
>>> --
>>> Nils Dagsson Moskopp // erlehmann
>>> <http://dieweltistgarnichtso.net>
>>>
>>
>>
>
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
>  =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>
>
>

Received on Monday, 24 June 2013 10:07:04 UTC